OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Possible symlink problems with Netscape 4.73
From: foo (fooBLACKLISTED.INTRANOVA.NET)
Date: Wed May 10 2000 - 15:31:16 CDT


It appears that Netscape 4.73 (and earlier versions) incorrectly creates
a temporary file in '/tmp' when importing certificates:

...
open("/tmp/tmp3919AA5000A07DC", O_WRONLY|O_CREAT|O_TRUNC, 0666) =
25
fchmod(25, 0600) = 0
fstat(25, {st_mode=0,st_size=0, ...}) = 0
...

Netscape doesn't try to stat()/lstat() the file beforehand, although it
wouldn't help much since open() uses O_TRUNC without O_EXCL(which is the
problem in itself).

I sent a small note about this to Netscape a number of months ago and have
not received a reply. (am I possibly missing something here?, *shrug*)
Not a big bug, but a bug nonetheless =)